retitle -1 check signing key availability (add short keyid test case) severity -1 minor
Sam writes that the consequences of this bug are that dgit does a lot of work and then fails with a less than helpful error message. (Ie, as I thought, it does not carry on and use a possibly-wrong key, so this is a useability issue rather than a security problem.) I think here is the way to fix it: > I think a better approach is probably for dgit to do a private key > availability check first, in any case. The push fails annoyingly, > after a lot of work has been done, if your key isn't available, too. One test case that should be added is that this new check properly fails early when a short keyid is provided. Thanks, Ian. -- Ian Jackson <[email protected]> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.

